VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Hi,

I am using the 1.1.1.1 application (WARP app) on iPhone. I just got this message; do any experts know what it means? Help please.

Warp message
0

Hi, I have a client that is going to China. He needs his Gmail and remote desktop there. Question: does VPN stuff like Turbo VPN and Express VPN work there? They have an RV042 router that has a VPN client and PPTP; not sure if they work.
0
As you can see from the picture below, My Speedtest results are fine,
my VPN connection is fine .... in fact, everything is fine with my internet connection
except that Windows 10 (1803) reports that I have no internet connection.
(Troubleshooting suggests a "Network Reset")

This isn't really a problem and I'm ignoring it.

Can some experts speculate as to why Win10 is reporting incorrectly?

NO-INTERNET.jpg
0
For whatever reason my clients who use Spectrum Cable as an ISP can no longer connect to their office VPN. Using a hotspot it works fine and I also tested with ATT with no issues. On residential Spectrum it can't get past authentication. I have not called Spectrum yet; wanted to see if anyone else has run into this.
0
I have a client with a SonicWall TZ105, he currently has a tunnel from his home office to his work location.  He just purchased a Windows 10 laptop and wants to VPN  in when he is travelling.  Does the unit come with a license so he can do this or is an additional license required to be purchased and installed?  What is the best client to use on the laptop?
0
If you need additional info please let me know. Thanks for taking a look at our post.

The problem is slow SMB over WAN. Latency avg 27ms. Wireshark shows the Window Size is small (8012) for SMB traffic. Bandwidth 100 MBPS both up and down. Speed out to the Internet is great both up and down.

Site to Site VPN setup between two Fortigates.  

Copying and opening files between the two sites is slow.  Branch Office has a mix of Win7 and Win10 on the Desktops.  Fileserver is running Win2016.  I have three remote sites with the same problem.  Wireshark tells us we're running SMB 2.0.  

I'm asking for suggestions to increase the file transfer speed over the WAN.  

Fortinet's TAC Level 3 has checked and double checked the Fortigates for misconfiguration errors.  
We have  done things like reduce the MTU size on the Fortigates.  Ran continuous pings on both the private and public interfaces looking for dropped packets.
Checked for mismatched duplexing.  Updated the Fortigates Firmware, Attached laptops directly to the Fortigates and copied files between them, ran Iperf both TCP and UDP between them, etc, etc.

We've read document after document on slow SMB over WAN.  Performance tuning for SMB. - https://www.apachelounge.com/download/contr/Perf-tun-srv-2016.pdf
We've added the registry key for SizReqBuf, and set it to ffff.
Window Size Scaling is mentioned.
https://www.auvik.com/franklymsp/blog/tcp-window-size/? This link mentions Window Scaling is enabled by …
0
Cisco Anyconnect question..

Hello experts,

About two years ago we purchased Cisco AnyConnect licenses; it was for version 3.x. I don't really remember why we didn't get version 4 (perhaps 3 was the up-to-date version back then). Anyhow, when I log in to the Cisco portal I see that I can't download AnyConnect v4.x; I assume it's an entitlement thing. My question is this: we have another site that purchased AnyConnect v4. If they give me the package files, can I just upload them to my ASA, or are the SSL licenses tied to a specific version?

Thanks in advance.
0
Hi,

Recently here in Experts Exchange an expert mentioned Four Ones (1.1.1.1) as an alternative for DNS for a VPN question I had. Did some Googling and found that it's from Cloudflare/APNIC, works somewhat as a VPN, and further their site says they are audited annually by KPMG, so it seems OK or legit. I am thinking of changing my DNS on all my devices to Four Ones, so I wanted to know the experts' thoughts on this. Is it really faster? Does it work like a VPN? What is EE's take?

Thank you!
0
Could someone explain to me the difference between Anywhere Access and a VPN with Remote Desktop on Windows Server 2016 Essentials?  I am in the throes of setting up remote access and have to figure out how to set this stuff up.  Any advice on how to proceed would be appreciated.
0
Cannot get Windows Server 2019 SSTP VPN authentication to work. I have set up Windows Server 2019 Std on a small ProLiant Microserver straight out of the box. I have installed ADDS, IIS and RRAS, and got a working SSL certificate bound to the default website (from LetsEncrypt). I have set up 20 SSTP ports with their own static IP address pool. I am using Windows Authentication (have not installed NPS) and have selected MSChap v2 as a valid authentication protocol. When I try to connect to this server via this VPN it appears to connect and then immediately fails authentication. It clearly refuses to accept my username and password for the domain (despite that username being an enterprise and domain administrator). I have a very similar setup working with a couple of other customers elsewhere but this one just will not work. I have selected Allow Access on the user profile. Is there something else I've missed? Something that authorises users to be able to connect to the domain via VPN?
0

Hi, I have a question about VPN peer IP addresses. I have a block of public IP addresses I can use. One of them of course is assigned to the public-facing interface on my firewall. I need to set up a half dozen site-to-site VPNs on the firewall with external agencies. What are the pros and cons of using the interface IP address as the VPN peer IP address for all the VPN sites vs. using a different public IP address for each individual VPN site? I am thinking maybe using a unique IP address for each VPN peer makes it easier for tracing and troubleshooting issues, but that's just my random thoughts. Is there a set standard and reasoning as to how you should assign IP addresses when there are multiple VPN peers?

Also, when it is necessary to NAT the VPN encryption domain (interesting traffic) to a public IP address, is it recommended to use an IP address other than your VPN peer IP address? It seems like using the peer IP for NAT works just fine, but I was told once it's not recommended with no clear explanation.

Thank you in advance for your comments!
0
I wanted to test and eventually use our router's (PepLink Balance One) built-in VPN server to access resources on the network for users.
After setting up the VPN server (in the router the feature is called Remote User Access) I chose L2TP with IPsec.
On the client side I used the Windows 10 built-in VPN Connection option and after a few tweaks I succeeded in connecting to the server from an outside network.
The problem is that I could only connect to one share, using the file server's internal IP address 192.168.0.x. I cannot access (or ping) anything by the NetBIOS name.
Next step, I changed the protocol to PPTP on the server and managed to connect with the client, however I am still not able to access resources, except by IP address \\<Internal IP address>\Share.
Just as a side note, we don't have a domain, just peer to peer.
0
I have an IPSec VPN from site 1 to site 2.  The VPN shows up and working.

From site one, I can ping the full range over at site two.  I can ping site 2's full range of 192.168.1.0/23 from site one.

From site 2, I can only ping the first range in the subnet at site 1.  The subnet at site 1 is 10.90.20.0/22 and I can ping anything in the 10.90.20.0-10.90.20.255, but nothing higher than that.

I've verified my two address objects and made sure the mask is correct, but I'm having trouble with this final problem.

Can someone point me in the right direction please?

Thank you
0
Sonicwall Global Client VPN cannot connect to Sonicwall TZ300.
The VPN which has Spectrum as the ISP cannot connect to the Data Center on port 500 which has Comcast ISP. It attempts to connect. Sonicwall error log has Received packet retransmission. Drop duplicate packet.
It had connected with no problems until yesterday. Other VPNs on different ISP can connect without any problems.
Is there a problem between the two ISPs?
There was another person with the same problem down the street. Changed her ISP and cable modem and can connect without any problems now.
0
I have set up a replica DC in Azure. My boss wants to get rid of the on-prem DC and only have the one in Azure. I have transferred all the FSMO roles to the Azure Domain controller, but when I remove the Site to Site VPN connection I can't log into the Azure DC anymore. The internet access is being turned off on-prem tomorrow. Am I missing a step?
0
L2TP Connection Disconnects My Working Network Connection Each time I access the L2TP connection from my Windows 10
0
Cisco IOS SSL VPN on 1941. Cannot access Internet

I'm configuring a 1941 router at my home to provide SSL VPN for myself while I travel. The main purpose is to get around geofencing. I want all traffic to go across the VPN and exit the internet interface on the same router. With the config below I'm able to connect to resources on my own network but cannot connect to internet resources.

login as: root
Using keyboard-interactive authentication.
Password:

MyVPNTest#sh run
Building configuration...

Current configuration : 10462 bytes
!
! Last configuration change at 02:57:00 UTC Thu Sep 26 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MyVPNTest
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login sslvpn local
!
!
!
!
!
aaa session-id common
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!

!
!
!
ip domain name vpntest.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4

!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint my-trustpoint
 enrollment selfsigned
 serial-number
 subject-name CN=firewallcx-certificate
 revocation-check crl
 rsakeypair my-rsa-keys
!
!
crypto pki certificate chain my-trustpoint
 certificate self-signed 01
  30820291 308201FA A0030201 02020101 300D0609 2A864886 F70D0101 …
0
Hi Gents,

I am trying to do an AD cleanup of machines and need a working script I can run a query on to show last machine login or domain authentication for machines that VPN in from the field to the domain and export to a .csv file.  Thank you.
1
We have a site to site VPN tunnel which has been performing well for 4 years.  We are seeing increased traffic this week and are seeing select devices unable to reliably access the tunnel for periods of several minutes to several hours while other devices are able to connect across the tunnel.

The VPN tunnel is used to access a terminal server in a remote site using handheld computers running Windows CE. We typically have 12 devices deployed. Currently we have 18 devices deployed for a 2 week project.

We are seeing that during peak times (more users connected to the RDP server) select devices will be unable to connect.  Pings from the affected device will range from 100% loss to 0%.  The ping failure rate fluctuates.  Users may sometimes connect to the RDP server for a few minutes before being disconnected again.

This problem seems to last between 10 - 120 minutes.

I have taken packet captures at the ASA and see that both ICMP and RDP packets are arriving on the inside interface - the portable computer having the problem is transmitting correctly.

My problem is how do I ensure the ASA is encapsulating these packets and sending them out the Outside interface reliably.  I have taken packet captures on the outside interface but do not know of a way to match these encapsulated packets up to those originating from the problem computer.

I have reviewed: Show crypto ipsec sa

 #pkts encaps: 9228711, #pkts encrypt: 9228711, #pkts digest: 9228711
      


0

Hi Experts, my colleagues allege that VPNs are totally untraceable. Yet I tell them that even though one is not traced via the use of a VPN, government can request from the user's VPN provider a history of sites visited. And if the VPN is free, it's even more viable for government to access their activity logs (some stuff I learned with you guys!). So what is the experts' take on this? And how viable are my colleagues' statements?
0
Hello!
I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with 4G USB modem.
When I choose to use Google DNS during OpenVPN installation then I can surf the Internet via OpenVPN just fine (on my OpenVPN client W10 machine). But if I choose to use the current DNS settings (i.e. my own BIND9 server), then I can connect from client to server, but DNS doesn't work. I know that I must edit the OpenVPN server config file server.conf AND also edit the client's OpenVPN file client.ovpn. And I don't know exactly whether my DNS server (BIND9) is properly configured to play this kind of role.
When I go to W10's CMD and do ipconfig /all I do see DNS server with a correct IP of my BIND9 (it's a public IP of my Ubuntu machine, actually). Nevertheless, DNS doesn't work on a client machine and I couldn't find a complete step-by-step manual how to enable this scheme.
0
Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers: Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but recently were configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove the 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain names, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
I've just bought a DrayTek Vigor2620Ln (ADSL/VDSL router/firewall with backup WAN port and 4G LTE modem built in - UK version)

I want to be able to create a site-to-site (or LAN to LAN in DrayTek's terminology) VPN via an IPSec tunnel to a Netgear ProSafe firewall I have running at another site. Simultaneously I want to be able to access a L2TP VPN Server running on Windows 2012 RRAS (behind the DrayTek at primary site), via passthrough when I'm out and about.

Having created the site-to-site VPN with a few issues along the way, I have got it working. I have also got the L2TP VPN passthrough working so I can connect from my Windows laptop when away from the main network. HOWEVER, it seems impossible to get both working at the same time. For the site-to-site to work, I have to tick the 'Enable IPSec VPN Service' under the Remote Access Control settings on the Draytek. But once I do this, passthrough of the L2TP Windows VPN fails. If I untick, it is the other way around with the Site-to-site failing and the L2TP passthrough working.

I suspect someone out there will confirm DrayTek routers simply cannot both have a site to site and L2TP passthrough connection connected simultaneously (I momentarily achieved it once, on initial bootup). I appreciate both VPN types use IPSec, however every single Netgear and Linksys router I've owned and used to date has been able to do both simultaneously with zero problems. I'm hopeful I'm missing something, but fear I'm not and the …
0
I've been experiencing this issue when logging into our network from different locations including VPN where drives and folders I normally have access to are no longer available.  Some network shares fail to connect completely and some only show me some folders but not all of them.  This is very strange behavior and I'm not sure what could be accounting for it.

These sites are networked through a WAN connection and have DCs at both sites that are trusted.
0
ASA 5508 failed.
Received a new ASA 5508.
via ASDM I've restored from my latest backup config.
Everything looks great with the exception of the VPN Certificates.

Shouldn't these have restored as well?
I was careful to check the "all ssl vpn config" on the restore options.

VPN users receive "No Certificate" when attempting to log in.
0
